Identity@CF User Account and Authentication Agenda ▪ Who we are ▪ What we build ▪ Why it’s important ▪ How to use it CloudFoundry ▪ Open Source PaaS (Platform as a service) ▪ Multiple framework support - Java, Ruby, Node, Scala ▪ Multiple application services – MySQL, Postgres, Mongo, Redis, Rabbit ▪ Cloudfoundry.org ▪ https://github.com/cloudfoundry ▪ Cloudfoundry.com – Cloudfoundry service hosted by Vmware ▪ Other cloudfoundry instances are hosted by AppFog, ActiveState and Tier3 Who we are ▪ Identity team ▪ Dale Olds ▪ Dave Syer ▪ Luke Taylor ▪ Joel D’sa ▪ Vidya Valmikinathan
[email protected] What we build ▪ UAA – User authentication and authorization server ▪ Spring Security Oauth2 – Spring project that supports UAA features ▪ uaac – Command line api client for the UAA ▪ Authentication servers to support ▪ External authentication sources (google, yahoo, github, linkedin), ▪ Enterprise identity - SAML2 Why is it important ▪ Higher degree of trust – Credentials are accepted only by a trusted source ▪ Standards based – Consistent, proven API, process and interactions that users are comfortable with ▪ Trustworthy interactions between the user and the platform ▪ Trustworthy interactions between components ▪ Simple third party participation to extend the platform Traditional approach to authentication Provides credentials Ok / Not Ok Checks user database User Server Oauth2 authorization code flow Who is this user What is he/she requesting Do I have the necessary authorization Present token with granted Accesses a client Client scopes